
possible infection, trouble reading roguekiller report.



#1 hemanse


Posted 26 May 2014 - 06:47 PM

After being infected quite a while back, I have been running a few tools once in a while to make sure it doesn't happen again. One of them is RogueKiller, and today I noticed something I haven't seen before. I was just wondering if I should be worried. I tried looking around a bit to find an answer, but nothing so far has helped, so I thought maybe a friendly person in here could help out :)

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rasmus [Admin rights]
Mode : Scan -- Date : 05/27/2014 00:35:34
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 1 ¤¤¤
[CHR][PUP] Default : Bejeweled
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (WlanAllocateMemory) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC8AC8)
[Address] EAT @explorer.exe (WlanCloseHandle) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC38A0)
[Address] EAT @explorer.exe (WlanConnect) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC5558)
[Address] EAT @explorer.exe (WlanDeleteProfile) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC6D10)
[Address] EAT @explorer.exe (WlanDisconnect) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC57E8)
[Address] EAT @explorer.exe (WlanEnumInterfaces) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC3A80)
[Address] EAT @explorer.exe (WlanExtractPsdIEDataList) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC8394)
[Address] EAT @explorer.exe (WlanFreeMemory) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFCA5A0)
[Address] EAT @explorer.exe (WlanGetAvailableNetworkList) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC4F88)
[Address] EAT @explorer.exe (WlanGetFilterList) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC7F9C)
[Address] EAT @explorer.exe (WlanGetInterfaceCapability) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC4188)
[Address] EAT @explorer.exe (WlanGetNetworkBssList) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC5268)
[Address] EAT @explorer.exe (WlanGetProfile) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC6A20)
[Address] EAT @explorer.exe (WlanGetProfileCustomUserData) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC7B1C)
[Address] EAT @explorer.exe (WlanGetProfileList) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC7404)
[Address] EAT @explorer.exe (WlanGetSecuritySettings) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC8D88)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStart) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC935C)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStop) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC9418)
[Address] EAT @explorer.exe (WlanHostedNetworkInitSettings) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC99D8)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryProperty) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC94D4)
[Address] EAT @explorer.exe (WlanHostedNetworkQuerySecondaryKey) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFCA020)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryStatus) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC9B50)
[Address] EAT @explorer.exe (WlanHostedNetworkRefreshSecuritySettings) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC9A94)
[Address] EAT @explorer.exe (WlanHostedNetworkSetProperty) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC9744)
[Address] EAT @explorer.exe (WlanHostedNetworkSetSecondaryKey) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC9D78)
[Address] EAT @explorer.exe (WlanHostedNetworkStartUsing) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC91EC)
[Address] EAT @explorer.exe (WlanHostedNetworkStopUsing) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC92A4)
[Address] EAT @explorer.exe (WlanIhvControl) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC4A00)
[Address] EAT @explorer.exe (WlanOpenHandle) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC1960)
[Address] EAT @explorer.exe (WlanQueryAutoConfigParameter) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC3EE8)
[Address] EAT @explorer.exe (WlanQueryInterface) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC4668)
[Address] EAT @explorer.exe (WlanReasonCodeToString) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC8A54)
[Address] EAT @explorer.exe (WlanRegisterNotification) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC5A08)
[Address] EAT @explorer.exe (WlanRegisterVirtualStationNotification) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFCA358)
[Address] EAT @explorer.exe (WlanRenameProfile) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC6F4C)
[Address] EAT @explorer.exe (WlanSaveTemporaryProfile) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC87D0)
[Address] EAT @explorer.exe (WlanScan) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC4D40)
[Address] EAT @explorer.exe (WlanSetAutoConfigParameter) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC3D10)
[Address] EAT @explorer.exe (WlanSetFilterList) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC7DCC)
[Address] EAT @explorer.exe (WlanSetInterface) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC4470)
[Address] EAT @explorer.exe (WlanSetProfile) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC6760)
[Address] EAT @explorer.exe (WlanSetProfileCustomUserData) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC78A4)
[Address] EAT @explorer.exe (WlanSetProfileEapUserData) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC5CC4)
[Address] EAT @explorer.exe (WlanSetProfileEapXmlUserData) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC5F9C)
[Address] EAT @explorer.exe (WlanSetProfileList) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC71A8)
[Address] EAT @explorer.exe (WlanSetProfilePosition) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC7644)
[Address] EAT @explorer.exe (WlanSetPsdIEDataList) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC81B0)
[Address] EAT @explorer.exe (WlanSetSecuritySettings) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC8B58)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : PUP ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Samsung SSD 840 EVO 120GB ATA Device +++++
--- User ---
[MBR] b358815a4acdc2ad9fae130945ef537a
[BSP] e5c2d2ad33351211130728c3c9757de9 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) Samsung SSD 840 PRO Series ATA Device +++++
--- User ---
[MBR] 7f9a6d073aa91afc1c6baee0d1b3e676
[BSP] 9ea6294610e5f4ef79e441599a57feb1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 244096 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) WDC WD10EARS-00Y5B1 ATA Device +++++
--- User ---
[MBR] 7dc9c1a2183cee96a21fb3ab5407dac1
[BSP] eb8d6fc1b551e41ae818f154951faa4c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_05272014_003534.txt >>
RKreport[0]_D_05272014_003114.txt;RKreport[0]_S_05272014_002655.txt
 

 

 

The only thing I'm a bit worried about is the Driver section. I do not have a clue what "[Address] EAT @explorer.exe (WlanAllocateMemory) : wwapi.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xEBFC8AC8)" means :(

 




 


#2 hemanse


Posted 26 May 2014 - 08:24 PM

If anyone can tell me what it means, that would be great. I'm rather worried at the moment; I shouldn't be using programs I don't fully understand.



#3 nasdaq

  • Malware Response Team

Posted 31 May 2014 - 07:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing to worry about.

https://ca.answers.yahoo.com/question/index?qid=20080210093937AA2FBCz

http://systemexplorer.net/file-database/file/wwapi-dll



